package com.bub.pay.framework.shiro.manager;

import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.Serializable;

public class BNWebSessionManager extends DefaultWebSessionManager {

    private static final Logger log = LoggerFactory.getLogger(BNWebSessionManager.class);

    protected void doValidate(Session session) throws InvalidSessionException {
//        if (session instanceof ValidatingSession) {
//            ((ValidatingSession) session).validate();
//        } else {
//            String msg = "The " + getClass().getName() + " implementation only supports validating " +
//                    "Session implementations of the " + ValidatingSession.class.getName() + " interface.  " +
//                    "Please either implement this interface in your session implementation or override the " +
//                    AbstractValidatingSessionManager.class.getName() + ".doValidate(Session) method to perform validation.";
//            throw new IllegalStateException(msg);
//        }
    }

    @Override
    protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
        return getReferencedSessionId(request, response);
    }

    private Serializable getReferencedSessionId(ServletRequest request, ServletResponse response) {

        String id = getSessionIdCookieValue(request, response);
        if (id != null) {
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
                    ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE);
        }else{
            id = ((HttpServletRequest)request).getHeader("Authorization");
        }

        //源码cookie中没有JSESSIONID会uri中获取 没有再从parameter中获取导致inputstream被破坏

        if (id != null) {
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
            //automatically mark it valid here.  If it is invalid, the
            //onUnknownSession method below will be invoked and we'll remove the attribute at that time.
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
        }

        // always set rewrite flag - SHIRO-361
        request.setAttribute(ShiroHttpServletRequest.SESSION_ID_URL_REWRITING_ENABLED, isSessionIdUrlRewritingEnabled());

        return id;
    }


    private String getSessionIdCookieValue(ServletRequest request, ServletResponse response) {
        if (!isSessionIdCookieEnabled()) {
            log.debug("Session ID cookie is disabled - session id will not be acquired from a request cookie.");
            return null;
        }
        if (!(request instanceof HttpServletRequest)) {
            log.debug("Current request is not an HttpServletRequest - cannot get session ID cookie.  Returning null.");
            return null;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        return getSessionIdCookie().readValue(httpRequest, WebUtils.toHttp(response));
    }

}
